VYPR

ZKBio CVSecurity V6600

by Zkteco

CVEs (10)

  • CVE-2024-36526CriJul 9, 2024
    risk 0.64cvss 9.8epss 0.01

    ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key.

  • CVE-2024-35433HigMay 30, 2024
    risk 0.53cvss 8.1epss 0.00

    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.

  • CVE-2024-35430HigMay 30, 2024
    risk 0.53cvss 8.1epss 0.01

    In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.

  • CVE-2024-35431HigMay 30, 2024
    risk 0.49cvss 7.5epss 0.01

    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1.

  • CVE-2024-35428HigMay 30, 2024
    risk 0.46cvss 7.1epss 0.01

    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS.

  • CVE-2024-35429MedMay 30, 2024
    risk 0.42cvss 6.5epss 0.01

    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.

  • CVE-2024-35432MedMay 30, 2024
    risk 0.40cvss 6.1epss 0.00

    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting.

  • CVE-2024-6006LowJun 15, 2024
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The…

  • CVE-2024-6005LowJun 15, 2024
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting.…

  • CVE-2024-6344LowJun 26, 2024
    risk 0.16cvss 2.4epss 0.00

    A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to…